After signing our jars in our RCP products, the materialization phase stated to fail with: java.security.NoSuchAlgorithmException: No algorithm found for 1.2.840.113549.1.1.11
This tycho build has been running for years. After a lot of research and adding verbose to the jarsigner verify, I noticed that the TSA signature algorithm had changed from our last build about a month ago:
Originally:
TSA X.509, CN=Entrust Time Stamping Authority, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA [certificate is valid from 10/5/18, 4:33 PM to 1/5/30, 4:03 PM] X.509, CN=Entrust Timestamping CA - TS1, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US [certificate is valid from 7/22/15, 3:02 PM to 6/22/29, 3:32 PM] Timestamped by "CN=Entrust Time Stamping Authority, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA" on Thu Aug 06 22:09:23 UTC 2020 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key
Latest:
TSA X.509, CN=Entrust Timestamp Authority - TSA1, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA [certificate is valid from 7/22/20, 11:33 AM to 12/29/30, 11:29 AM] X.509, CN=Entrust Timestamping CA - TS1, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US [certificate is valid from 7/22/15, 3:02 PM to 6/22/29, 3:32 PM] X.509, CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net [trusted certificate] Timestamped by "CN=Entrust Timestamp Authority - TSA1, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA" on Fri Aug 28 17:57:43 UTC 2020 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withSHA256withRSA, 4096-bit key
The SHA256withSHA256withRSA is not recognized by Eclipse PKCS7Processor and thus can't process those jars. As a workaround we switched back to Comodo for TSA, but I'm wondering if this is a legal signature algorithm or not.
